Intel has announced a big (VCSSv3 8.4 and 9.8 critical) bug in their AMT/ISM/SBT technologies, which are mostly only in their business lines. Most consumer desktops will not be affected. It seems more laptops than you would think are affected so if you have an Intel-based laptop from 0-6 years old you might want to check this out. If you have a desktop with a "Q" chipset (aka vPro) then you also are probably affected.
I'll repeat this so as to not cause undo alarm: MOST HOME DESKTOP SYSTEMS ARE *NOT* AFFECTED.
Looks like this flaw could let an attacker take full control of the system, probably including remote BIOS/desktop and/or OS image control (not sure about file system?). Not sure if exploits are actually in the wild yet, but once they are, just using any public wifi could get you hosed. And this isn't just a Windows user problem like all the RansomWare: this one is at the hardware/BIOS level so it affects all OS users.
Patched firmware coming soon, or are already out.
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&l...
Here's direct links to the list of affected systems for brands relevant to my customers (other brands are at the link above):
https://support.lenovo.com/ca/en/product_security/len-14963 https://www.intel.com/content/www/us/en/support/boards-and-kits/000024181.ht... https://www.asus.com/News/uztEkib4zFMHCn5r
Note, for Lenovo laptops: W series W520 and up are affected, and most T and X series.
There are Windows (and maybe Ubuntu) programs you can d/l to check if you have an affected system. Check the firmware site for your system often until a fix is posted and then apply it.
-- Your friendly neighbourhood MUUG security announcer
-
Trevor Cordes